Skip to main content
CVE-2022-25893 CRITICAL POC PATCH Act Now

The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Vm2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-24431 CRITICAL POC Act Now

All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Abacus Ext Cmdline
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-3184 CRITICAL PATCH Act Now

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the device’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware +9
NVD
CVSS 3.1
9.8
EPSS
11.6%
CVE-2022-3183 CRITICAL PATCH Act Now

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Iboot Pdu4 N20 Firmware Iboot Pdu4Sa N15 Firmware Iboot Pdu4A N15 Firmware Iboot Pdu4Sa N20 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-4643 CRITICAL PATCH Act Now

A vulnerability was found in docconv up to 1.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Docconv
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-4639 CRITICAL PATCH Act Now

A vulnerability, which was classified as critical, has been found in sslh.c of the component Packet Dumping Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Sslh
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-40145 CRITICAL PATCH Act Now

This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Karaf
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-47635 CRITICAL Act Now

Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Wms
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-38546 CRITICAL Act Now

A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nbg7510 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy